| Package Name | Ecosystem | Vulnerable Versions | First Patched Version |
|---|---|---|---|
| ua-parser/uap-php | composer | < 3.8.0 | 3.8.0 |

The vulnerability stems from unsafe regex patterns in uap-core's `regexes.yaml`, which are imported into uap-php's `regexes.php`. The `AbstractParser::parse` method executes these regexes via `preg_match` against untrusted User-Agent strings. Commit 156f7e1 in uap-core modified the regex patterns to eliminate nested quantifiers (e.g., replacing `(\d+)?` with `(\d+|)`), which confirms that the regex execution path in the PHP implementation is the attack surface. Because the PHP package depends on these regex patterns, the `parse` method is the logical point of vulnerability.
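For code that has to run `preg_match` over untrusted User-Agent strings, the sketch below shows one defensive pattern: cap the input length, bound PCRE backtracking, and treat an aborted match as an error rather than as "no match". It is an added example, not code from uap-php or uap-core; `guardedMatch`, the two limits, the sample pattern and the sample User-Agent are assumptions made for illustration, and it requires PHP 8.0 or later for `preg_last_error_msg()`.

```php
<?php
declare(strict_types=1);

// Hypothetical limits for this example; tune them to your own traffic.
const MAX_UA_BYTES = 512;
const BACKTRACK_LIMIT = '100000';

/**
 * Try each pattern against an untrusted User-Agent string.
 * Returns the match groups of the first hit, or null when nothing matches.
 * Throws when PCRE aborts a match, so an abort is never read as "no match".
 */
function guardedMatch(array $patterns, string $userAgent): ?array
{
    // Backtracking cost grows with input length, so cap the input first.
    if (strlen($userAgent) > MAX_UA_BYTES) {
        $userAgent = substr($userAgent, 0, MAX_UA_BYTES);
    }

    $previous = ini_set('pcre.backtrack_limit', BACKTRACK_LIMIT);
    try {
        foreach ($patterns as $pattern) {
            $result = preg_match($pattern, $userAgent, $groups);
            if ($result === false) {
                // An aborted match (for example PREG_BACKTRACK_LIMIT_ERROR)
                // points at a pattern that needs review; surface it.
                throw new RuntimeException(
                    'PCRE error "' . preg_last_error_msg() . '" in ' . $pattern
                );
            }
            if ($result === 1) {
                return $groups;
            }
        }
        return null;
    } finally {
        // Restore the previous limit so other code is unaffected.
        if ($previous !== false) {
            ini_set('pcre.backtrack_limit', $previous);
        }
    }
}

// Constructed sample input: one simplified pattern using the `(\d+|)` form
// and one ordinary browser User-Agent string.
$patterns = ['/Firefox\/(\d+)\.(\d+|)/'];
$ua = 'Mozilla/5.0 (X11; Linux x86_64; rv:109.0) Gecko/20100101 Firefox/115.0';
var_dump(guardedMatch($patterns, $ua));
```

A guard like this only limits the cost of a bad pattern; upgrading to the first patched version listed in the table, 3.8.0, is what replaces the patterns themselves.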